Customers running Windows Server 2003 Service Pack 2, Windows Vista, and Windows Vista Service Pack 1 are not vulnerable to the buffer overrun being attacked, as they include a version of the Microsoft Jet Database Engine that is not vulnerable to this issue.

We’ve activated our Software Security Incident Response Process (SSIRP) to investigate the vulnerability and have identified steps customers can take to protect themselves in the workaround section. As part of our SSIRP process, we currently have teams working to develop an update of appropriate quality for release in our regularly scheduled bulletin process or as an out-of-band update, depending on customer impact. In the meantime, we encourage customers to review the advisory and implement the workarounds.

While the attack appears to be targeted, and not widespread, we are monitoring the issue and are working with our MSRA partners to help protect customers. We will update the Advisory and this blog as new information becomes available.

Bill Sisk

*This posting is provided “AS IS” with no warranties, and confers no rights.*